General
Target: bafb7ff6e0e02500cb9a8b01b0de9a745760ecdb9ed004e1f80c8ac283558df7
Size: 669KB
Sample: 240328-b9jhnsae38
MD5: 4bc94be625631b334d912b7ab34e6855
SHA1: ab0a98cb3bb05477e5a53ea5a3db0f9ed48e2214
SHA256: bafb7ff6e0e02500cb9a8b01b0de9a745760ecdb9ed004e1f80c8ac283558df7
SHA512: b20fe361fd735057f1753a5f345de17ad423eb46acac73d5c53e26a0a139bcde59a5f5884baeaa044a3795b0aad01d98f8e9dd3bc6050e3d741c35426b895d67
SSDEEP: 12288:bRH2iNlw0ZHttZXuCJDMnse8jOD3xUNoJxiwRm3XmpR+x7kR:h1X5ttZecDXLukoJRSuR+Q
Static task: static1
Behavioral task: behavioral1
Sample: bafb7ff6e0e02500cb9a8b01b0de9a745760ecdb9ed004e1f80c8ac283558df7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bafb7ff6e0e02500cb9a8b01b0de9a745760ecdb9ed004e1f80c8ac283558df7.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.trisquarespl.com
Port: 587
Username: fabrication@trisquarespl.com
Password: YokTA(D3
Email To: jaredjames452@gmail.com
Extracted
Protocol: smtp
Host: smtp.trisquarespl.com
Port: 587
Username: fabrication@trisquarespl.com
Password: YokTA(D3
Targets
Target: bafb7ff6e0e02500cb9a8b01b0de9a745760ecdb9ed004e1f80c8ac283558df7
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext